Mitigating the Growing Risk of Identity Theft

The increasing number of connected technologies used by businesses and consumers is creating more points of data vulnerability. Each new endpoint provides a potential “in” for hackers and increases the risk of identity theft from data exposure.

Business owners must recognize the growing identity theft threat to their companies, employees and customers and take steps to mitigate the risks and ensure personal data stays out of the hands of malicious third parties.

More Technology, Greater Risk

The vision of a completely connected world, once realized only in science fiction, is quickly becoming a reality. Internet of Things (IoT) technology forms an expanding web of devices in constant communication with each other and with a variety of networks. This connectivity permeates every aspect of business and personal lives and has greatly increased the risk of identity theft.

According to a survey by The Harris Poll, almost 15 million people had their identities stolen in 2017 and experienced nearly $17 billion in total losses. The Consumer Sentinel Network lists identity theft as the second most common reason for fraud reports, surpassed only by debt collection fraud.

Why are connected technologies of particular concern when considering identity theft risk? IoT devices constantly collect and send data about users, including intimate details most consumers never realize they’re sharing. Modern hackers have access not only to identifying information but also may obtain data about individuals’ personal lives, right down to their fitness habits, the groceries they buy most often and even rough maps of their homes.

Today’s Biggest Threats to Identity

Although the Federal Trade Commission lists employment and tax fraud and credit card fraud as the two most common forms of identity theft, account takeovers are becoming more attractive to modern hackers. More connectivity means hackers can gain access to a larger database of information and launch more widespread attacks using a single set of stolen credentials.

In the 1,597 data breaches recorded by the Identity Theft Resource Center in 2017, hackers gained access to users’ names, social security numbers, birthdates and driver’s license numbers, all of which can be used to impersonate an individual or mine for more data. However, to steal an account, all a hacker needs is a user’s login information and a strategy for flying under the radar when committing fraudulent acts.

The risks associated with this type of identity theft are seen in the increasing popularity of online fraud, especially in the realm of online payments. Over 80 percent of credit card fraud is now committed in “card not present” situations, such as the use of digital payment gateways. Electronic Health Records (EHRs) are also popular targets, although hackers seem to be developing a greater interest in social security numbers when obtaining user data.

Business Identity Theft?

Individuals aren’t the only ones at risk. Businesses can also fall victim to identity theft. Both the high volume of activity and large transactions occurring at the corporate level attract hackers looking for big payouts. Unlike in data breaches, however, hackers committing business identity theft don’t infiltrate a network to steal information. Instead, they impersonate the identity of a business to commit fraud.

Businesses of all sizes are susceptible to this form of identity theft, but small businesses may be at a greater risk due to a tendency to ignore potential threats. Over half of small businesses have no concept of their level of risk from cyber attacks, and 58 percent fall victim to malware as a result. Business identity theft can affect credit score, cash flow, tax filings and brand reputation.

Strategies to Safeguard Identity

Business owners and corporate IT specialists must be aware of the risks associated with the unique nature of their onsite networks and the ways in which employees and customers connect to and interact with these networks.

Identity theft “red flag” risk assessments and routine security audits reveal points of weakness and the need for stronger safeguards and better access management polices. Using information gathered from these assessments, businesses should:

• Invest in updated security software designed to handle connected technologies
• Consider incorporating machine learning into security protocols
• Review and update access permissions
• Implement data encryption tools
• Establish protocols for user provisioning and deprovisioning
• Create policies limiting which company details can be shared publicly
• Continually educate employees on how to minimize risk

Securing internal networks with these tactics closes many common loopholes hackers use to access personal information and helps to protect businesses, employees and customers from the devastating consequences of identity theft.

Although the rapid spread of new technologies is putting personal information at greater risk for theft, business owners can take steps to increase security and protect proprietary and consumer data. Technology will continue to shift and expand, and diligent awareness of threats is essential to preserve data privacy and prevent identity theft.